Xiaomi M365 Custom Firmware

motor_power_constants.asm

0x00004e1e movw r2, #0xc977
0x00004e26 movw r1, #0xc977
0x00004e3e movw r2, #0xc977
0x00004e46 movw r1, #0xc977
0x00004e5c movw r3, #0xc977

motor_power_subroutine.c

void sub_4dec(int arg0, int arg1, int arg2) {
    r2 = arg2;
    r12 = *(int8_t *)0x20000610;
    r7 = 0x20000610;
    asm { ldrd       r4, r3, [r7, #0x8] };
    r7 = *(r7 + 0x4);
    if (r12 >= 0x7) goto loc_4e70;

loc_4e06:
    goto *0x4e0a[r2];

loc_4e70:
    asm { strd       r1, r2, [r0] };
    return;

loc_4e12:
    r2 = SAR(0xc977 * (sign_extend_32(*0x4001243c) - r4), 0xa);
    goto loc_4e70;

loc_4e54:
    r2 = *0x4001283c;
    r2 = SAR(0xc977 * (sign_extend_32(r2) - r4), 0xa);
    goto loc_4e70;
}

The patched version of the flash tool already includes a number of bin files but gives no way to actually use the firmware customized on that website - or am I missing something? I've tried to re-package the app with replaced bin files but the flashing fails at 99% :-) Any ideas?

UPDATE: used the wrong app - see BotoX/xiaomi-m365-firmware-patcher#3

@losnir do you have starting point / rom size for the firmware files to load in IDA/hopper, cheers.

Hi, does anyone have more information on how to decompile the firmware binary files? I know it has the Cortex-m3 processor which uses the armv7 architecture.

Anyone got update on this?

I would like to access the assembler code itself to be able to adjust it on my own and from that create a .bin legit file which I can load into the m365.